KERI 101: Witnesses, Watchers, & Detectability

The “oil lights” of cryptographic key management.

Timothy Ruff

--

TL;DR

  • KERI is an open, decentralized protocol for discovery, recovery, and management of cryptographic keys. KERI enables anyone to digitally sign digital things and to verify what others have signed, without the need for shared networks, blockchains, registries, platforms, or identity providers.
  • KERI solves seven hard problems of key management: Rotation, Recovery, Detectability, Discovery, Delegability, Revocability, and Multi-Signature.
  • KERI has three Detectability functions — Witnesses, Watchers, and Anchored Issuances — that are like the oil light of a car: they detect key compromise and malicious behaviors of Signers and service providers.

With KERI Detectability functions…

Signers can detect:

  • Their own compromised keys when used by hackers for signing;
  • Their own compromised keys when used by hackers to rotate, delegate, or revoke their signing keys.

And Verifiers can detect:

  • Compromised Signers;
  • Malicious Signers;
  • Their own malicious or compromised verification service provider.

Without KERI Anchored Issuances in particular, if a Signer suspects key compromise and performs a rotation, it cannot determine which issuances were made fraudulently, and must revoke and reissue all previously issued credentials. (!)

With KERI Anchored Issuances, fraudulently issued credentials will not successfully verify before or after key rotations, whereas authentically issued credentials will continue to successfully verify, even after an unlimited number of key rotations.

What is KERI?

KERI — Key Event Receipt Infrastructure — is a new (2019), open, decentralized protocol for discovering, recovering, and managing cryptographic keys. KERI enables people, organizations, and things to sign digital things and verify what others have signed, without the need for shared networks, blockchains, registries, platforms, or identity providers.

With KERI, Signers and Verifiers worldwide maintain their own infrastructure without anything in common, but they do share one game-changing thing: a protocol for discovering the Signer’s current key state. This enables Verifiers to securely confirm that a piece of data has been signed by a particular Signer, and that it hasn’t been tampered with, revoked, or expired.

KERI is “end verifiable”; the means through which data travels needn’t be secure for it to still be verifiably authentic when it arrives at its destination. KERI is zero trust, enabling objective verifiability without subjective trust, and it creates no centralized troves of valuable data. KERI is quantum-resistant and uses existing cryptography and cloud infrastructure.

In short, KERI brings the ability to distinguish fake from real in the digital realm, across networks, borders, and boundaries of all kinds.

Seven Hard Problems of Key Management

KERI address seven hard problems of key management, listed below. Most were previously not solvable in a decentralized manner, and some not in a centralized one.

Seven hard problems (with the KERI solution):

  1. Rotation (change current keys for new, without re-issuing past issuances)
  2. Recovery (from private key loss or compromise, without re-issuing past issuances)
  3. Detectability (of key compromise or malicious Signer behavior)
  4. Discovery (just-in-time discovery of key state)
  5. Delegability (directly from one Signer/key controller to another)
  6. Revocability (decentralized, instant, with privacy)
  7. Multi-signature (weighted m-of-n, verifiable)

Detectability: Witnesses, Watchers, & Anchored Issuances

Detectability Is the ‘Oil Light’ of Key Management

Together, KERI Witnesses, Watchers, and Anchored Issuances, all described below, enable Detectability. Detectability is like the oil light of a car: ignore it, disconnect it, or omit it at your peril, because it is the most critical indicator on your dashboard.

Removing Witnesses, Watchers, and Anchored Issuances from a system removes Detectability.

Without Detectability, Signers cannot detect:

  • Their own compromised keys when used by hackers for signing;
  • Their own compromised keys when used by hackers to rotate, delegate, or revoke the Signer’s keys.

And Verifiers cannot detect:

  • A Signer’s compromised keys;
  • Malicious Signers;
  • Their own malicious or compromised verification service provider.

What Are Witnesses?

KERI Witnesses are secure, distributed replicas of a Signer’s key event log. They are established (built or bought) and controlled by a Signer (also a “key controller” or “issuer”). A Signer can be anyone or anything, anywhere.

Witnesses make separate, additional replicated points of verification available to Verifiers, enabling Verifiers to detect both compromised and malicious behaviors by Signers. Witnesses can be web servers, distributed databases, blockchains, or any other addressable data source.

To compromise a KERI identifier, each of its Witnesses must also be compromised.

There are no limits or requirements as to whether a Signer uses Witnesses at all or how many; the KERI protocol simply enables any number of Witnesses to be established, deployed however the Signer chooses, and for Verifiers to verify that all Witnesses are acting in unanimity about the Signer’s key state.

What Are Watchers?

KERI Watchers are services established (built or bought) by a Verifier — who can be anyone or anything anywhere — that enable the Verifier to confidently rely on what their own service providers are telling them about a Signer’s key state.

Watchers help Verifiers avoid the single-oracle problem: if you have only one source of truth, you cannot know if that source has been compromised or is acting maliciously (deliberately lying to you). When multiple distinct Watchers all report the same key state of a Signer, it can be more safely relied upon. Having Watchers removes a tempting single point of vulnerability for hackers.

As with Witnesses, there are no limits or requirements as to whether Watchers are used at all or how many; the KERI protocol simply enables any number of Watchers to be established and deployed however desired.

Anchored Issuances: A Breakthrough in Detecting and Preventing the Use of Stolen Keys

Another critical element of Detectability, separate from Witnesses and Watchers, is “Anchored Issuances” (referred to as “seals” in the KERI white paper).

When issued credentials are properly anchored in one’s Key Event Log (KEL) and properly witnessed and watched, it becomes impossible for a hacker of your private keys to use them without your detection; the unauthorized issuances will not successfully verify. With un-anchored / “unbound” issuances, hackers can use stolen private keys as they please with zero detectability and, unfortunately, every issuance they make will successfully verify.

Akin to a check register, Anchored Issuances provide a secure record of issued credentials that can be instantly and cryptographically confirmed by Verifiers. No other system we are aware of provides detectability or prevention of the use of stolen private keys.

No Detectability? Rotate, Revoke, and Re-Issue Everything. (Really)

Some alternative key management systems borrow KERI’s primary functions — pre-rotation, SCIDS, etc. — but forgo its Detectability functions. For them and for all non-KERI key management systems, a big future headache awaits: if a Signer suspects key compromise and performs a rotation, there is no way to distinguish valid issuances from invalid ones — they will all continue to verify successfully — so a Signer must revoke and reissue all previously issued credentials. (!)

That is, if a Signer wishes to maintain a positive reputation for its credentials. Revoking and reissuing everything would likely be a user experience nightmare, which alone defeats the purpose of having pre-rotation. Pre-rotation is arguably KERI’s greatest innovation, but does not achieve its full potential without Detectability.

Can’t We Just Rotate More Often?

Yes, but it won’t help much. KERI pre-rotation can be done repeatedly without downstream costs or consequences for KERI identifiers, a breathtaking breakthrough in key management. But… while a Signer’s more-frequent rotation might attempt to repair one vulnerability — compromise of the Signer’s keys — it does not address other vulnerabilities listed in the “KERI Detectability” section, and it still leaves the ugly problem of revoking and re-issuing everything if a compromise is suspected. In other words, removing Detectability leaves significant holes in the security model no matter how often a Signer rotates their keys.

Such a tradeoff may be acceptable for less critical use cases or at smaller scale, but is likely unacceptable for most organizations.

In Conclusion

KERI Witnesses, Watchers, and Anchored Issuances are the ‘oil lights’ of cryptographic key management, enabling robust detectability of malicious or compromised digital signing behaviors for both Signers and Verifiers. KERI Anchored Issuances goes beyond detection to full-on prevention, actively blocking the use of stolen private keys for credential signing.

KERI Detectability brings critical advances in key management specifically and cybersecurity generally, and should be seriously considered for inclusion within any comprehensive cybersecurity, identity, or key management system.

--

--

Timothy Ruff
Timothy Ruff

Responses (1)